Learning from other organizations’ breaches can help you safeguard your patients’ protected health information (PHI). Check out these major breaches and find out how important it is to adhere to HIPAA compliance regulations.

Ransomware affects approximately 128k patients

Ransomware was discovered on July 26 at Arkansas Oral Facial Surgery Center in Fayetteville, Arkansas.  An investigation was conducted and it was believed the ransomware was installed that day or the day before.  The Surgery Center notified the FBI of the situation.

For the most part, imaging files such as x-rays were affected, rather than the usual patient database.  This caused the imaging files to be inaccessible.  Additionally, some patient data pertaining to visits about three weeks prior to the incident were affected.  The Surgery Center was unable to determine if the information was accessed and is offering 12 months of credit monitoring at no charge to affected patients

Nearly 4,000 veterans’ PHI exposed from missing laptop

Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, Washington discovered that a decommissioned laptop used to interface with a hematology analyzer went missing.  MGVAMC was not able to determine what information was stored on the laptop, so every veteran who had a hematology sample processed through the analyzer between April 2013 and May 2016 could be affected.

MGVAMC is offering credit monitoring for one year at no charge and provided information on how to get the credit monitoring.

Five months to report a phishing attack

Augusta University Medical Center (AUMC) was targeted by a phishing attack, but took five months to report it.  The attack occurred in April and compromised two employees’ accounts.  The information contained patients’ names, dates of birth, Social Security Numbers, medical record information, insurance and financial information, and driver’s license numbers.

As soon as the breach was discovered, the two email accounts were disabled and passwords were reset.  AUMC has not been able to determine if the information contained in the email accounts was accessed for malicious means.  However, AUMC is offering credit monitoring for patients whose Social Security Numbers were breached.


These incidents give organizations ideas on what could happen, and now the burden is to plan ahead for similar incidents.  To learn more about what you can do to protect your patients’ information, join HIPAAgps today.